[moses]

I was wondering about the ultimate security of the Blackberry.

I would be interested in getting a bb but I'm not sure as to its internal security from outsiders.

Can ANYONE (and by this I really do mean ANYONE) at all read my messages as I send them through to my business associates, or can they be captured as they send messages to me. Security is my major concern in choosing a text based device.
Is BB the way to go?

[Grifter]

I would imagine that your blackberry is as secure as your e-mail client.

[finch]

First and foremost the Blackberry is built on email/security, hence the widespread use of the Blackberry with GOV and military organizations for eg. where security is a must.

[dangerousbehavior]

From the Blackberry website... Blackberry Security Overview.

I found this article as well, which claims that not all of the BB's email is as secure as you think, Blackberry Security.
Although, from what the article says, email from your BB to a general (non corporate account) is only as secure as an email from your web based email account to another general email address.
So your emails to your co-workers if they stay within your corporation, yes those would be secure.

And when you ask if ANYBODY can read your email... well, there is always going to be somebody that can do something you don't want them to do. ;)

[jdh]

The Blackberry is the most secure commercially-available wireless e-mail device that you'll find. Nobody is going to be able to snarf any of your messages over-the-air between your Blackberry and your messaging network, as they are encrypted during transmission.

In fact, I have a couple of clients that are in regulatory compliance monitoring who have corporate policies that completely prohibit confidential discussions via e-mail, yet they allow their investigators to use Blackberries to share investigative details via internal e-mail.

Keep in mind, however, that the minute you send anything out to the Internet via SMTP, it is travelling in clear and readable text, unless you have taken specific steps to manually encrypt it before sending by using something like PGP or S/MIME (which the majority of people do not use, as it requires compatible technology and digital certificates at both ends).

There is an S/MIME Support Pack available for the Blackberry, but it's not readily available to the average consumer, since it carries a per-user price of around $200 -- it's mostly targeted at Government organizations and large corporations who would actually have the need for such security.

However, unless you're running something like PGP or Entrust in your environment already, any e-mails that you send from your desktop e-mail client are equally insecure, so the Blackberry is not going to be the main issue here.

[tvaldez]

Does anybody know if there is a PGP package available? If it's just a Java thing, then all it might need is to be recompiled with that RIM certificate, right?

[mpd600]

I know from working for a law enforcement agency that street gangs and organized crime type groups are quite fond of blackberry's security features and their BES admins.

[jibi]

Quote:

Originally Posted by mpd600

I know from working for a law enforcement agency that street gangs and organized crime type groups are quite fond of blackberry's security features and their BES admins.

hahah!

[southwestcomm]

Incorrect. If you are using a BES all messages are, by default, triple DES encrypted. The new BES 4.0 supports AES encryption. Doesn't matter where the message is sent, without the encryption/decryption keys you can't read the message.

[jdh]

Quote:

Originally Posted by southwestcomm

Incorrect. If you are using a BES all messages are, by default, triple DES encrypted. The new BES 4.0 supports AES encryption. Doesn't matter where the message is sent, without the encryption/decryption keys you can't read the message.

While that is true for the connection from the Blackberry to the BES, once the message arrives at the BES, it is decrypted (by the BES) and inserted into the e-mail system. At that point it will be stored and transmitted in whatever native format the e-mail system uses, and is therefore only as secure as your underlying e-mail system.

So while the over-the-air transmissions are extremely secure, for the reasons that you mention (3DES/AES encryption, etc) if you're sending an Internet e-mail, it is going to travel out across in the Internet (ie, from your home e-mail system) using SMTP, which is clear text (unless you are using some form of client-side PKI encryption such as S/MIME or PGP).

Obviously, if you're only sending internal e-mail from your Blackberry (ie, to your co-workers on the same Exchange/GroupWise/Notes system), then your messages will be a fair bit more secure than standard Internet e-mail, but this has nothing to do with using a Blackberry, but is rather a function of the e-mail system itself.

[southwestcomm]

Yes, you are correct. I assumed the discussion involved sending messages from Blackberry user to Blackberry user.